unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: J.P. @ 2022-09-20 13:06 UTC (permalink / raw)
  To: 57956; +Cc: Magnus Henoch, emacs-erc

Tags: patch

Hi people,

ERC plans on basing its SASL library on sasl.el and friends. Although
rare, authorization (or "authz") support is sometimes needed by IRC
administrators wanting to authenticate as other users. It's also
expected by at least one IRC-compliance test suite [1]. The PLAIN
implementation in sasl.el currently offers implicit support via the
`authenticator-name' client property (see `sasl-plain-response'). This
patch proposes we do much the same with sasl-scram-rfc.el.

As for specifics, I've encapsulated the actual prop-lookup and
header-construction details in a new function that's called indirectly
via a new top-level variable (although perhaps that's just unnecessary
or more suited to a user option). The only other change appears in
`sasl-scram--client-final-message'. It concerns the base64 encoding of
the GS2 header and the client proof, both of which currently suffer from
occasional whitespace complications [2].

Anyway, ERC would benefit greatly from these (or superior) changes
because we'd like to introduce `erc-compat' analogs in an upcoming
release (probably ERC 5.6). If anyone out there can spare the time,
your feedback would be greatly appreciated.

Thanks,
J.P.

P.S. Tests covering these changes appear in the patch sets for bug#29108
and bug#49860.


[1] Authz support for PLAIN, with SCRAM possibly on the way:

    https://github.com/progval/irctest/blob/master/irctest/client_tests/sasl.py

[2] Calling `base64-encode-string' with NO-LINE-BREAK set to t seems to
    solve the issue, which is likely related to this excerpt from
    https://www.rfc-editor.org/rfc/rfc5802#section-2.1:
 
     "The use of base64 in SCRAM is restricted to the canonical form
      with no whitespace."
 
    FWIW, I tried advising `base64-encode-string' to avoid having to
    submit a patch, but it seems the byte compiler precomputes the
    result for certain constant params, like `cbind-input' in
    `sasl-scram--client-final-message'.


In GNU Emacs 29.0.50 (build 2, x86_64-pc-linux-gnu, GTK+ Version
 3.24.34, cairo version 1.17.6) of 2022-09-19 built on localhost
Repository revision: 132d5cb0a3ec94afbb49772631861e00160ffffb
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12014000
System Description: Fedora Linux 36 (Workstation Edition)

[-- Attachment #2: 0001-Add-GS2-authorization-to-sasl-scram-rfc.patch --]
[-- Type: text/x-patch, Size: 2949 bytes --]

From 91e33541457a55e2e509d800cd8b9f97702e706d Mon Sep 17 00:00:00 2001
From: "F. Jason Park" <jp@neverwas.me>
Date: Mon, 19 Sep 2022 21:28:52 -0700
Subject: [PATCH 1/4] Add GS2 authorization to sasl-scram-rfc

* lisp/net/sasl-scram-rfc.el (sasl-scram-gs2-header-function,
sasl-scram-construct-gs2-header): Add new variable and default
function for determining a SCRAM GSS-API message header.
(sasl-scram-client-first-message): Use gs2-header function.
(sasl-scram--client-final-message): Use dedicated gs2-header function.
Also remove whitespace when base64-encoding, as per RFC 5802.
---
 lisp/net/sasl-scram-rfc.el | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/lisp/net/sasl-scram-rfc.el b/lisp/net/sasl-scram-rfc.el
index ee52ed6e07..f7a2e42541 100644
--- a/lisp/net/sasl-scram-rfc.el
+++ b/lisp/net/sasl-scram-rfc.el
@@ -45,14 +45,21 @@
 
 ;;; Generic for SCRAM-*
 
+(defvar sasl-scram-gs2-header-function 'sasl-scram-construct-gs2-header
+  "Function to create GS2 header.
+See https://www.rfc-editor.org/rfc/rfc5801#section-4.")
+
+(defun sasl-scram-construct-gs2-header (client)
+  ;; The "n," means the client doesn't support channel binding, and
+  ;; the trailing comma is included as per RFC 5801.
+  (let ((authzid (sasl-client-property client 'authenticator-name)))
+    (concat "n," (and authzid "a=") authzid ",")))
+
 (defun sasl-scram-client-first-message (client _step)
   (let ((c-nonce (sasl-unique-id)))
     (sasl-client-set-property client 'c-nonce c-nonce))
   (concat
-   ;; n = client doesn't support channel binding
-   "n,"
-   ;; TODO: where would we get authorization id from?
-   ","
+   (funcall sasl-scram-gs2-header-function client)
    (sasl-scram--client-first-message-bare client)))
 
 (defun sasl-scram--client-first-message-bare (client)
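Review bot: `sasl-scram-construct-gs2-header` inserts the `authenticator-name` property verbatim in `(concat "n," (and authzid "a=") authzid ",")`, but RFC 5802 section 7 defines the authzid as a `saslname`, in which "," must be transmitted as "=2C" and "=" as "=3D"; an authzid containing either character yields a GS2 header the server splits at the wrong comma. Escape the value before concatenating. The new function also has no docstring, and the `defvar` docstring should state that the function is called with the CLIENT object and must return the header including its trailing comma, since the final-message hunk relies on that exact string.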
@@ -77,11 +84,11 @@ sasl-scram--client-final-message
 
 	 (c-nonce (sasl-client-property client 'c-nonce))
 	 ;; no channel binding, no authorization id
-	 (cbind-input "n,,"))
+         (cbind-input (funcall sasl-scram-gs2-header-function client)))
     (unless (string-prefix-p c-nonce nonce)
       (sasl-error "Invalid nonce from server"))
     (let* ((client-final-message-without-proof
-	    (concat "c=" (base64-encode-string cbind-input) ","
+            (concat "c=" (base64-encode-string cbind-input t) ","
 		    "r=" nonce))
 	   (password
 	    ;; TODO: either apply saslprep or disallow non-ASCII characters
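Review bot: the comment `;; no channel binding, no authorization id` directly above the new `cbind-input` binding is now stale, because the header it computes may carry `a=authzid`; reword it to say the value must equal the GS2 header sent in client-first-message. Calling `sasl-scram-gs2-header-function` a second time also assumes the function is pure and that `authenticator-name` did not change between steps; storing the header as a client property in `sasl-scram-client-first-message` and reading it back here would make the `c=` value match by construction. Passing `t` to `base64-encode-string` is the right fix for RFC 5802 section 2.1, which requires canonical base64 with no whitespace. The replaced lines switch from tabs to spaces, unlike the surrounding code.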
@@ -113,7 +120,7 @@ sasl-scram--client-final-message
 	   (client-proof (funcall string-xor client-key client-signature))
 	   (client-final-message
 	    (concat client-final-message-without-proof ","
-		    "p=" (base64-encode-string client-proof))))
+                    "p=" (base64-encode-string client-proof t))))
       (sasl-client-set-property client 'auth-message auth-message)
       (sasl-client-set-property client 'salted-password salted-password)
       client-final-message)))
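Review bot: the `t` argument here is correct and consistent with the previous hunk, but since Emacs's `base64-encode-string` only folds output at 76 columns and a 20- or 32-byte client proof encodes to 28 or 44 characters, this line never actually produced whitespace; the GS2 header with a long authzid is where folding could occur. A test asserting that neither the `c=` nor the `p=` value contains a newline would pin both cases down. The new line uses spaces where the rest of the function is indented with tabs.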
-- 
2.37.2

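The GS2 header and the `c=` attribute that the patch above touches, as an added example that is not part of the bug report or of Emacs's sasl-scram-rfc.el; it is written in Python so the RFC 5802 saslname escaping and the canonical-base64 rule can be checked on their own. The username, authzid and nonce values are constructed.

```python
import base64
import re
from typing import Optional

# Constructed sample values (not taken from the bug report).
USERNAME = "alice"
AUTHZID = "ops=team,admin"  # contains '=' and ',' on purpose, to exercise escaping
C_NONCE = "fyko+d2lbbFgONRv9qkxdawL"

def encode_saslname(name: str) -> str:
    """Escape a SCRAM saslname (RFC 5802 section 7): '=' -> '=3D', ',' -> '=2C'.
    '=' is handled first so the escape introducer itself is not re-escaped."""
    return name.replace("=", "=3D").replace(",", "=2C")

def gs2_header(authzid: Optional[str], cbind_flag: str = "n") -> str:
    """gs2-header = gs2-cbind-flag "," [ "a=" saslname ] ","
    The default 'n' means the client does not support channel binding."""
    authz = f"a={encode_saslname(authzid)}" if authzid else ""
    return f"{cbind_flag},{authz},"

def client_first_message(username: str, c_nonce: str,
                         authzid: Optional[str] = None) -> str:
    """GS2 header followed by client-first-message-bare."""
    return gs2_header(authzid) + f"n={encode_saslname(username)},r={c_nonce}"

def cbind_attribute(header: str, canonical: bool = True) -> str:
    """The 'c=' attribute of client-final-message: base64 of the GS2 header.
    canonical=False uses a MIME-style encoder (folds at 76 columns, adds a
    trailing newline) to show the kind of whitespace RFC 5802 forbids."""
    raw = header.encode("utf-8")
    enc = base64.b64encode(raw) if canonical else base64.encodebytes(raw)
    return "c=" + enc.decode("ascii")

def is_canonical_base64(value: str) -> bool:
    """RFC 5802 section 2.1: canonical form, no whitespace, proper padding."""
    return len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]*={0,2}", value) is not None

def server_accepts_cbind(first_message: str, c_attr: str) -> bool:
    """Server-side check: 'c=' must decode to exactly the GS2 header seen in
    client-first-message (the header ends at the second comma, which is safe
    because saslname escaping removes commas from the authzid)."""
    second_comma = first_message.index(",", first_message.index(",") + 1)
    header = first_message[: second_comma + 1]
    value = c_attr[len("c="):]
    return is_canonical_base64(value) and base64.b64decode(value) == header.encode("utf-8")

if __name__ == "__main__":
    first = client_first_message(USERNAME, C_NONCE, AUTHZID)
    print(first)                                 # n,a=ops=3Dteam=2Cadmin,n=alice,r=...
    print(cbind_attribute(gs2_header(AUTHZID)))  # canonical, accepted by the server
    print(repr(cbind_attribute(gs2_header(None), canonical=False)))  # 'c=biws\n', rejected
    assert server_accepts_cbind(first, cbind_attribute(gs2_header(AUTHZID)))
```

With no authzid the header is `n,,` and the attribute is the familiar `c=biws`; the non-canonical variant differs only by trailing whitespace, which is exactly what a server comparing byte for byte will reject.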

* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: Lars Ingebrigtsen @ 2022-09-20 15:28 UTC (permalink / raw)
  To: J.P.; +Cc: 57956, Magnus Henoch, emacs-erc

"J.P." <jp@neverwas.me> writes:

> Anyway, ERC would benefit greatly from these (or superior) changes
> because we'd like to introduce `erc-compat' analogs in an upcoming
> release (probably ERC 5.6). If anyone out there can spare the time,
> your feedback would be greatly appreciated.

Looks OK to me.


* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: J.P. @ 2022-09-21 13:17 UTC (permalink / raw)
  To: Lars Ingebrigtsen, Philip Kaludercic; +Cc: 57956, Magnus Henoch, emacs-erc

Lars Ingebrigtsen <larsi@gnus.org> writes:

> "J.P." <jp@neverwas.me> writes:
>
>> Anyway, ERC would benefit greatly from these (or superior) changes
>> because we'd like to introduce `erc-compat' analogs in an upcoming
>> release (probably ERC 5.6). If anyone out there can spare the time,
>> your feedback would be greatly appreciated.
>
> Looks OK to me.

Cool, thanks.

                                * * *

Question for Philip (Cc'd):

Hi. When 29.1 is released, I might want to propose some of these updated
sasl-scram-rfc.el items for inclusion in Compat. However, one of them,

  `sasl-scram--client-final-message'

is obviously an internal function. Does that matter? Would you rather we
export it (as in rename it or alias it) beforehand (IOW, now)?

Thanks,
J.P.


* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: Philip Kaludercic @ 2022-09-21 18:35 UTC (permalink / raw)
  To: J.P.; +Cc: Lars Ingebrigtsen, 57956, Magnus Henoch, emacs-erc

"J.P." <jp@neverwas.me> writes:

> Lars Ingebrigtsen <larsi@gnus.org> writes:
>
>> "J.P." <jp@neverwas.me> writes:
>>
>>> Anyway, ERC would benefit greatly from these (or superior) changes
>>> because we'd like to introduce `erc-compat' analogs in an upcoming
>>> release (probably ERC 5.6). If anyone out there can spare the time,
>>> your feedback would be greatly appreciated.
>>
>> Looks OK to me.
>
> Cool, thanks.
>
>                                 * * *
>
> Question for Philip (Cc'd):
>
> Hi. When 29.1 is released, I might want to propose some of these updated
> sasl-scram-rfc.el items for inclusion in Compat. However, one of them,
>
>   `sasl-scram--client-final-message'
>
> is obviously an internal function. Does that matter? Would you rather we
> export it (as in rename it or alias it) beforehand (IOW, now)?

I'd rather not add "internal functions" to Compat, at least in a way
that it would be exposed as part of the official Compat interface.  That
being said, I am not familiar with the feature being discussed here, so
maybe an exception has to be made?

> Thanks,
> J.P.


* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: J.P. @ 2022-09-22  6:23 UTC (permalink / raw)
  To: Philip Kaludercic; +Cc: Lars Ingebrigtsen, 57956, Magnus Henoch, emacs-erc

Philip Kaludercic <philipk@posteo.net> writes:

> "J.P." <jp@neverwas.me> writes:
>
>> is obviously an internal function. Does that matter? Would you rather we
>> export it (as in rename it or alias it) beforehand (IOW, now)?
>
> I'd rather not add "internal functions" to Compat, at least in a way
> that it would be exposed as part of the official Compat interface.  That
> being said, I am not familiar with the feature being discussed here,

The feature (also a bug fix) being discussed here concerns the final
client-side step of the SCRAM protocol. Basically, it computes a
challenge from the server and packs the answer into an outgoing reply.

> so maybe an exception has to be made?

No reason to. We can keep it internal (the "final step" function, that
is) and backport its logic, its helpers, and all (two-ish?) public
functions that call it (I'm likely adding a third).

Alternatively, we could

- have ERC restrict this feature to users of Emacs 29+, or
- stick with the status quo and manage this particular case manually via
  erc-compat.el [1].

I'd be fine with any of the above, really.


[1] https://lists.gnu.org/archive/html/emacs-erc/2022-09/txtCuKCxr1b72.txt


* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: Philip Kaludercic @ 2022-09-23 13:37 UTC (permalink / raw)
  To: J.P.; +Cc: Lars Ingebrigtsen, 57956, Magnus Henoch, emacs-erc

"J.P." <jp@neverwas.me> writes:

> Philip Kaludercic <philipk@posteo.net> writes:
>
>> "J.P." <jp@neverwas.me> writes:
>>
>>> is obviously an internal function. Does that matter? Would you rather we
>>> export it (as in rename it or alias it) beforehand (IOW, now)?
>>
>> I'd rather not add "internal functions" to Compat, at least in a way
>> that it would be exposed as part of the official Compat interface.  That
>> being said, I am not familiar with the feature being discussed here,
>
> The feature (also a bug fix) being discussed here concerns the final
> client-side step of the SCRAM protocol. Basically, it computes a
> challenge from the server and packs the answer into an outgoing reply.
>
>> so maybe an exception has to be made?
>
> No reason to. We can keep it internal (the "final step" function, that
> is) and backport its logic, its helpers, and all (two-ish?) public
> functions that call it (I'm likely adding a third).

There should be no issue with adding two or three functions to Compat.

> Alternatively, we could
>
> - have ERC restrict this feature to users of Emacs 29+, or
> - stick with the status quo and manage this particular case manually via
> -   erc-compat.el [1].
>
> I'd be fine with any of the above, really.

Do you think there is any interest in providing these functions outside
of ERC?  If so, I think adding the code to Compat ought to be fine.


* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: J.P. @ 2022-09-28  1:22 UTC (permalink / raw)
  To: Philip Kaludercic; +Cc: Lars Ingebrigtsen, 57956, Magnus Henoch, emacs-erc

Philip Kaludercic <philipk@posteo.net> writes:

> "J.P." <jp@neverwas.me> writes:
>
>> Alternatively, we could
>>
>> - have ERC restrict this feature to users of Emacs 29+, or
>> - stick with the status quo and manage this particular case manually via
>> -   erc-compat.el [1].
>>
>> I'd be fine with any of the above, really.
>
> Do you think there is any interest in providing these functions outside
> of ERC?  If so, I think adding the code to Compat ought to be fine.

Thanks, that's very generous, but somehow I doubt there'd be much
general interest (though I'd like to be wrong here). For now, I guess we
can just keep them in erc-compat until 29.1 is cut and maybe circle back
in the lead-up to 29.2, if that's agreeable to everyone.


* bug#57956: 29.0.50; Add minimal authorization support to sasl-scram-rfc
From: J.P. @ 2022-10-26 13:13 UTC (permalink / raw)
  To: 57956; +Cc: emacs-erc

If no one has anything else to add, I will mark this as being cleared
for installation alongside the proposed changes from bug#29108, which
will hopefully be ready relatively shortly, pending any last looks. This
should allow time enough for human trials and feedback before ERC 5.5 is
finally released and Emacs 29 is cut. Thanks.
